Android Malware: Alcatel-Lucent Diagnoses Plague

That trend is inevitable, since cybercrooks are finding in mobile such green field opportunities as SMS monetization, while more users are leaving traditional PCs/laptops to use mobile devices more often for communication, the report said.

LTE devices are twice as likely as others to be infected. However, Alcatel-Lucent said blaming the plague on 4G LTE network technology might be misguided. Instead, what needs to be closely studied is "the behavior of LTE device owners, who do a lot more with data and spend more time browsing." On average, an LTE user will consume twice as much data, including 50% more video, than a 3G user.

Spyware
One worrisome trend that emerged in 2013 is that mobile spyware turns infected smartphones and tablets into cyberespionage devices, according to McNamee.

When asked to elaborate, he said the principle is no different from "spy phone" software prevalent on the consumer market. "You purchase it and install it on your girlfriend's phone, for example." It allows you to track her location remotely, download her contact lists, intercept and send messages, record conversation, and take pictures. "Of course, it can be a legitimate usage if you do this on your children's phones. If you do it on your husband's phone, it's kind of on the edge, but if you do it on the phones of your business partners or strangers, it's beyond that borderline."

When spyware -- similar consumer spy-phone software -- is applied to mobile devices, smartphones become ideal for "advanced persistent threat and cyber espionage attacks against corporate and government networks." Malware deployed on a smartphone can "literally communicate 24/7 through the air, bypassing all corporate security measures." The attacker can "track down your phone's location, monitor phone calls, record conversation and even take pictures and videos."

McNamee said turning an ordinary Android phone into a spy phone is as easy as injecting spy phone software into a copy of Angry Birds and sending an email suggesting that the victim go to the website and install the game.

What to expect next
Kindsight Labs says mobile botnets -- a network of infected computers controlled remotely via the Internet by cybercriminals -- exist today but are not as extensive and disruptive as the Windows/PC variety. That, however, is quickly changing.

Some mobile botnets specialize in SMS spam, the security team said. It predicted that such botnets will grow significantly "as cyber criminals realize that it's more cost-effective to have SMS spam delivered by a botnet than a farm of real phones with unregistered SIM cards."

Botnet-based distributed denial-of-service (DDosS) attacks can also move into the mobile space, the report said. DDoS is an attempt to make a machine or network resource unavailable to its intended users. "It would be possible to direct the attack at the 1-800 number used for inquiries, support and sales."

Another area of concerns is hacktivism. "Imagine an underground hacktivism organization that provided their own app for Android and iPhone." The app presumably would allow the coordination of hacktivism activities and facilitate coordinated DDoS attacks against government, industry and infrastructure.

I think a lot of us have known how Android phones are prone to get infected with malware. What this report tells us, however, is how easy it is for such malware to spread, how the nature of the malware is changing and how much more damange it can do in the future.

Android does not have malware problem. The malware problem comes from Google's policy of not reviewing apps. So, anyone can post anything in the store. Unlike Apple Store which is reviewed and then approved, Google allows anything to get through. Perhaps, they cannot spend few dollars to hire college grads that can look for malware and other issues before approval.

@goafrit exactly my spin on malware in phones. I've been saying for a while that iOS isn't any better at avoiding malware, and that Apple's policy of lockdown is the reason there is little malware in iOS. It's why I have an iPhone even though I think they are inferior to Android phones in many other aspects.

Absolutely, for the fact most times most of the apps are made by the same people, iOS cannot claim to be superior. But with a locked door that is open only when vetted, Apple has found a way to police its ecosystem better unlike Android

"Of course, it can be a legitimate usage if you do this on your children's phones. If you do it on your husband's phone, it's kind of on the edge, but if you do it on the phones of your business partners or strangers, it's beyond that borderline."

What a statement ... I don't know what's worse ... that a business partner is considered to deserve more respect than a husband or that it's considered somewhat OK to install spyware on the husbands phone. How sick is this ? In my POV it's on the edge to use this against your children. Used to be possible to raise them without total surveilance. Now in certain extreme cases - maybe, so "on the edge". But if you start surveiling your husband - where does that end ? Better get a divorce. Sometimes the human "race" seems to be "beyond salvage" ...

Yes, it makes me sick to think if any one in my famil or among my circle of friends were to install a spyware in my phone. But it makes even sicker to stomach that it doesn't matter, who it is, but anyone is capable of doing surveillance on us all...

Uh oh....does this mean Apple once again gets the reputation for being the least attacked? Or is iOS getting hit, too. (Remember when having an Apple computer meant not getting hit by as many viruses as PC)

Junko, I don't think you can blame open source for that, open source means the sourcecode is available and allowed to be modified where as a virus writer really only needs the API which Apple must provide to app developers. goafrit has written that the App Store pre-release surveilance lacking at Google Play is the difference as have I. Add to that that Android apps can be downloaded from many 3rd party sites that also have no control over what is made available and you have the most likely cause. It is likely that the iPhones with malware were jail broken as I don't see another method to get a contaminated app onto an iPhone.

Android is an open OS but not really an open source. Try to create a unique favor of Android, Google will send you a letter. You have limited rooms to modify that OS. It is open but never open source as largely it is mainly Google that develops it

@goafrit, What you say about Android is interesting and surprising, the GPL (used for Linux) says you may modify as much as you like for your own use but any changes that are distributed must have their source code revealed. Given that Android is based on Linux (correct me please if I'm wrong) I would have thought they must provide full source code therefore. At most they could prevent you from using the "Android" name for a dirivative work that they don't feel complies with what they set out to do, I would have thought.

My point is that only Google does most of the works on Android. I know you can do marginal customizations. When Facebook wanted to radically redesign the software, Google refused. When Amazon wanted to do same, it refused. So, it is NEVER open source as not a commuity is maintaining, it is a single company that runs Android. The problem is that people confuse open source with open tool. When Android is an open OS, it is not open source!

I'm sorry, I do understand what you mean, all I am saying is that the source for Android must be available (because it is a Linux flavour and therefore the source is open) and that if you make a change Google doesn't like they will only be able to stop you from calling it Android, ie. Facebook could make changes and call it FaceOS and Amazon could make changes and call it AmOS and if enough people wanted to further their flavours they could.

Currently Google funds a lot of the Android development and many outsiders participate using their rule book but Facebook and Amazon could go it alone and my guess is they choose not to because the fragmentation would cost more than it's worth.

After all, 3 flavours of an Android like Linux OS would reduce sales and make them less desirable to app developers.

In fact I believe if all of the Linux desktop advocates would get behind one single distribution it would in a short period of time supplant windoze as the preferred desktop OS in maybe 5-10 years.

I have a 2-year old Galaxy Ace - it's due for upgrade soon. When I first had it, I put on a free (AVG?) anti-virus app. But, with each "upgrade" of my other apps, they have taken more and more of the phone's memory and the anti-virus has had to go (as has TuneIn Radio. :-( ). My next phone will have more umph, even if i have to pay more for it.